Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/fMmyg7haICAE7N5eNRZYVI8KdUU.roa
File:                     fMmyg7haICAE7N5eNRZYVI8KdUU.roa (raw, json)
Hash identifier:          NjxHK2RTH+046DXwxjkJwIRaW29F7PWxaaZvsb3DHwM=
Subject key identifier:   7C:C9:B2:83:B8:5A:20:20:04:EC:DE:5E:35:16:58:54:8F:0A:75:45
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E0E95A00A673A0367B7530F7A1341
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/fMmyg7haICAE7N5eNRZYVI8KdUU.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29604
IP address blocks:        188.255.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0e:95:a0:0a:67:3a:03:67:b7:53:0f:7a:13:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cc9b283b85a202004ecde5e351658548f0a7545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fa:4e:e0:da:8d:71:5c:3c:d2:d1:6a:fd:1a:
                    9b:ae:25:2b:d6:b8:04:07:00:b9:35:62:df:5f:e3:
                    e2:c0:e7:c3:1f:22:18:f3:11:51:b2:43:b6:8a:54:
                    0c:67:05:a5:52:a7:ab:c2:cf:67:f4:e5:52:d4:58:
                    d6:05:80:73:fb:e2:cb:cd:e4:46:a4:da:45:03:f9:
                    99:6f:de:4c:bc:d1:95:bb:83:0b:73:64:4f:40:d4:
                    a0:19:b5:37:97:94:00:af:10:ec:88:cf:28:8c:0f:
                    94:20:63:b5:b5:10:bd:6e:f3:6b:a5:65:cb:f8:c3:
                    ee:5b:99:d2:f7:26:14:53:7d:ea:73:ac:7f:59:3e:
                    52:9e:6c:2a:61:20:c1:df:6a:b2:8f:2a:4c:94:25:
                    29:ca:d9:3a:d5:3e:b6:0e:c2:9e:50:68:77:d4:7a:
                    8c:79:18:e4:be:2c:b8:ac:bb:b2:85:42:fe:57:e9:
                    89:34:52:db:f4:8d:57:60:64:e4:c0:dc:e0:c1:f0:
                    2f:95:c8:d8:33:94:33:59:25:2b:a1:39:a4:0d:72:
                    4c:74:b4:af:64:d0:e2:81:a0:04:b1:8a:66:3b:7e:
                    21:d4:4e:67:fe:61:5e:ba:9c:0e:29:ff:e2:f8:db:
                    88:ac:0d:40:d4:ce:d9:1a:98:e5:1d:06:4d:cb:e3:
                    c6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:C9:B2:83:B8:5A:20:20:04:EC:DE:5E:35:16:58:54:8F:0A:75:45
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/fMmyg7haICAE7N5eNRZYVI8KdUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d3:07:6c:b4:8e:c5:bf:0c:13:fa:36:ca:2a:ac:89:18:29:
         27:2f:d3:d6:f0:97:68:44:89:5a:bf:ab:0c:b9:07:c7:37:06:
         2d:b6:34:ec:8d:de:4c:c2:b5:b2:c0:94:d2:28:33:1c:91:78:
         0d:8f:6f:be:89:18:d2:0f:30:f0:cd:dc:5e:7c:6d:e1:97:a7:
         ac:ff:0f:80:e8:3a:cc:97:27:6e:1b:75:3c:e8:c7:9a:83:0a:
         f9:10:2b:ee:e0:09:32:f7:7d:74:83:9e:62:c0:52:8c:84:b4:
         7f:b0:12:00:0a:b1:3d:9b:7a:b0:a7:75:51:cd:0e:7f:82:9f:
         22:f1:95:a7:2c:e4:88:85:fb:6f:e9:9d:d9:47:37:85:bd:0a:
         48:65:1e:ef:77:7b:dd:3c:55:39:1b:5b:0e:7d:f1:86:c3:c2:
         53:ea:43:95:e5:85:18:09:29:9f:c4:00:5a:e6:56:99:ee:ba:
         12:4d:c8:35:e7:a2:f2:ce:bb:26:11:e3:64:a3:d0:2c:70:92:
         0f:d4:a5:50:66:8b:a7:c8:10:6a:43:dc:e2:73:22:67:6b:af:
         9c:92:60:3f:61:3b:23:9b:2d:99:68:ba:74:69:00:56:c0:56:
         aa:67:13:62:5c:14:39:26:34:98:f3:97:3f:b1:6b:cd:a0:40:
         84:29:7b:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg6VoApnOgNnt1MPehNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2M5YjI4M2I4NWEyMDIwMDRlY2RlNWUzNTE2NTg1NDhmMGE3NTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvpO4NqNcVw80tFq/RqbriUr1rgE
BwC5NWLfX+PiwOfDHyIY8xFRskO2ilQMZwWlUqerws9n9OVS1FjWBYBz++LLzeRG
pNpFA/mZb95MvNGVu4MLc2RPQNSgGbU3l5QArxDsiM8ojA+UIGO1tRC9bvNrpWXL
+MPuW5nS9yYUU33qc6x/WT5SnmwqYSDB32qyjypMlCUpytk61T62DsKeUGh31HqM
eRjkviy4rLuyhUL+V+mJNFLb9I1XYGTkwNzgwfAvlcjYM5QzWSUroTmkDXJMdLSv
ZNDigaAEsYpmO34h1E5n/mFeupwOKf/i+NuIrA1A1M7ZGpjlHQZNy+PGiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzJsoO4WiAgBOzeXjUWWFSPCnVFMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvZk1teWc3aGFJQ0FFN041ZU5SWllWSThLZFVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/SMA0G
CSqGSIb3DQEBCwUAA4IBAQAP0wdstI7FvwwT+jbKKqyJGCknL9PW8JdoRIlav6sM
uQfHNwYttjTsjd5MwrWywJTSKDMckXgNj2++iRjSDzDwzdxefG3hl6es/w+A6DrM
lyduG3U86Meagwr5ECvu4Aky9310g55iwFKMhLR/sBIACrE9m3qwp3VRzQ5/gp8i
8ZWnLOSIhftv6Z3ZRzeFvQpIZR7vd3vdPFU5G1sOffGGw8JT6kOV5YUYCSmfxABa
5laZ7roSTcg156LyzrsmEeNko9AscJIP1KVQZounyBBqQ9zicyJna6+ckmA/YTsj
my2ZaLp0aQBWwFaqZxNiXBQ5JjSY85c/sWvNoECEKXu3
-----END CERTIFICATE-----